Zaitech
08-30-2006, 04:40 PM
If a person forgets their password, what is the more secure way of getting them a new one?
A. Randomly generate a 7-letter/number password and send it to their email
B. Send a link to their email that lets them reset their password.
I have their passwords stored in a MySQL database in MD5-hashed format, so I can't just give them what their password was.
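Option B, the reset link, as an added worked example (this is not code from the thread or from the poster's CMS): a high-entropy token is generated, only its hash is stored alongside an expiry, and the token is accepted once. Assumptions: Python with an in-memory SQLite table standing in for the MySQL users table, PBKDF2 rather than MD5 for the stored password hash, a one-hour validity window, and the table and function names below.

```python
import hashlib
import hmac
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 3600  # assumed validity window for a reset link


def open_db():
    """In-memory SQLite stands in for the MySQL tables (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE,"
        " email TEXT, pw_salt BLOB, pw_hash BLOB)"
    )
    # Only a hash of the token is stored: a database leak cannot be turned
    # into working reset links.
    db.execute(
        "CREATE TABLE reset_tokens (user_id INTEGER, token_hash BLOB,"
        " expires_at INTEGER, used INTEGER DEFAULT 0)"
    )
    return db


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def create_user(db, username, email, password):
    salt, digest = hash_password(password)
    cur = db.execute(
        "INSERT INTO users (username, email, pw_salt, pw_hash) VALUES (?,?,?,?)",
        (username, email, salt, digest),
    )
    return cur.lastrowid


def verify_password(db, username, password):
    row = db.execute(
        "SELECT pw_salt, pw_hash FROM users WHERE username=?", (username,)
    ).fetchone()
    if row is None:
        return False
    _, digest = hash_password(password, row[0])
    return hmac.compare_digest(digest, row[1])


def request_reset(db, email, now=None):
    """Return the token to embed in the emailed link, or None if there is no
    such account. The HTTP response must look the same either way so the
    form cannot be used to enumerate registered email addresses."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT id FROM users WHERE email=?", (email,)).fetchone()
    if row is None:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    token_hash = hashlib.sha256(token.encode()).digest()
    db.execute(
        "INSERT INTO reset_tokens (user_id, token_hash, expires_at, used)"
        " VALUES (?,?,?,0)",
        (row[0], token_hash, now + TOKEN_TTL_SECONDS),
    )
    db.commit()
    return token


def consume_reset(db, token, new_password, now=None):
    """Set a new password if the token is known, unexpired and unused.
    The lookup is by SHA-256 of the token, so the equality test happens on
    a digest rather than on the secret itself."""
    now = int(time.time()) if now is None else now
    token_hash = hashlib.sha256(token.encode()).digest()
    row = db.execute(
        "SELECT rowid, user_id, expires_at, used FROM reset_tokens"
        " WHERE token_hash=?",
        (token_hash,),
    ).fetchone()
    if row is None or row[3] or row[2] < now:
        return False
    salt, digest = hash_password(new_password)
    db.execute(
        "UPDATE users SET pw_salt=?, pw_hash=? WHERE id=?", (salt, digest, row[1])
    )
    db.execute("UPDATE reset_tokens SET used=1 WHERE rowid=?", (row[0],))
    db.commit()
    return True


if __name__ == "__main__":
    db = open_db()
    create_user(db, "alice", "alice@example.com", "old-pass")
    token = request_reset(db, "alice@example.com")
    # The link the CMS would email (URL is an assumption).
    print(f"https://example.com/reset?token={token}")
    print(consume_reset(db, token, "new-pass"))  # True once, False afterwards
```

The point the code makes beyond the thread's prose: the emailed secret is never stored in recoverable form, expires on its own, and dies on first use, so an old mailbox backup or a logged URL cannot be replayed later. The same single-use, time-limited pattern applies if you choose option A and email a one-time password instead of a link.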
azizny
08-30-2006, 04:56 PM
Both are at the same level of security since it requires email access.
If security is that much of a factor, you might want to add a question/answer or extra field requirements to reset the password (username/name).
Peace,
Zaitech
08-30-2006, 05:00 PM
Yeah I thought about that, it's not like this is whitehouse.org or anything but this will be a freely distributed CMS so I want it as secure as possible.
deuce868
08-30-2006, 11:21 PM
I would go the email route. People don't always forget their password, but often their username as well. This way you have one basic "I forgot my stuff" system that emails both the username and a newly generated password. You don't need both a method to reset their password and a method to find their username.
horizon
08-31-2006, 09:01 AM
Following on from the recommendations above, I'd highly recommend installing a CAPTCHA so that robots wouldn't be able to try accessing recoverable accounts (a security issue that could be sealed). ;)